You are here

public function ConfigurationAccessControlTrait::checkConfigurationAccess in Rules 8.3

Checks configuration permission.

Parameters

\Drupal\Core\Session\AccountInterface $account: (optional) The user for which to check access, or NULL to check access for the current user. Defaults to NULL.

bool $return_as_object: (optional) Defaults to FALSE.

Return value

bool|\Drupal\Core\Access\AccessResultInterface The access result. Returns a boolean if $return_as_object is FALSE (this is the default) and otherwise an AccessResultInterface object. When a boolean is returned, the result of AccessInterface::isAllowed() is returned, i.e. TRUE means access is explicitly allowed, FALSE means access is either explicitly forbidden or "no opinion".

File

src/Core/ConfigurationAccessControlTrait.php, line 29

Class

ConfigurationAccessControlTrait
Implements access related functions for plugins.

Namespace

Drupal\rules\Core

Code

public function checkConfigurationAccess(AccountInterface $account = NULL, $return_as_object = FALSE) {
  if (!$account) {
    $account = \Drupal::currentUser();
  }

  // We treat these as our "super-user" accesses. We let the reaction
  // rule and component permissions control the main admin UI.
  $admin_perms = [
    'administer rules',
    'bypass rules access',
  ];
  $access = FALSE;
  foreach ($admin_perms as $perm) {
    if ($account
      ->hasPermission($perm)) {
      $access = TRUE;
      break;
    }
  }
  if (!$access) {

    // See if the plugin has a configuration_access annotation.
    $definition = $this
      ->getPluginDefinition();
    if (!empty($definition['configure_permissions']) && is_array($definition['configure_permissions'])) {
      foreach ($definition['configure_permissions'] as $perm) {
        if ($account
          ->hasPermission($perm)) {
          $access = TRUE;
          break;
        }
      }
    }
  }
  if ($return_as_object) {
    return $access ? AccessResult::allowed() : AccessResult::neutral();
  }
  return $access;
}